Group encryption/decryption enabled. (#14514)

* Group encryption/decryption enabled.

* Group encryption/decryption enabled: Bugs fixed.

examples/all-clusters-app/all-clusters-common/all-clusters-app.matter

@@ -1523,7 +1523,7 @@ server cluster GroupKeyManagement = 63 {
     INT64U epochStartTime2 = 7;
   }
 
-  readonly attribute GroupKey groupKeyMap[] = 0;
+  attribute GroupKey groupKeyMap[] = 0;
   readonly attribute GroupInfo groupTable[] = 1;
   readonly attribute int16u maxGroupsPerFabric = 2;
   readonly attribute int16u maxGroupKeysPerFabric = 3;

examples/chip-tool/commands/common/Commands.cpp

@@ -25,6 +25,7 @@
 
 #include <lib/support/CHIPMem.h>
 #include <lib/support/CodeUtils.h>
+#include <lib/support/TestGroupData.h>
 
 void Commands::Register(const char * clusterName, commands_list commandsList)
 {
@@ -44,6 +45,9 @@ int Commands::Run(int argc, char ** argv)
     err = mStorage.Init();
     VerifyOrExit(err == CHIP_NO_ERROR, ChipLogError(Controller, "Init Storage failure: %s", chip::ErrorStr(err)));
 
+    err = chip::GroupTesting::InitGroupData();
+    VerifyOrExit(err == CHIP_NO_ERROR, ChipLogError(Controller, "Init Group Data failure: %s", chip::ErrorStr(err)));
+
     chip::Logging::SetLogFilter(mStorage.GetLoggingLevel());
 
     err = RunCommand(argc, argv);

examples/thermostat/thermostat-common/thermostat.matter

@@ -341,7 +341,7 @@ server cluster GroupKeyManagement = 63 {
     CHAR_STRING<16> groupName = 3;
   }
 
-  readonly attribute GroupKey groupKeyMap[] = 0;
+  attribute GroupKey groupKeyMap[] = 0;
   readonly attribute GroupInfo groupTable[] = 1;
   readonly global attribute int16u clusterRevision = 65533;
 }

examples/tv-app/tv-common/tv-app.matter

@@ -707,7 +707,7 @@ server cluster GroupKeyManagement = 63 {
     CHAR_STRING<16> groupName = 3;
   }
 
-  readonly attribute GroupKey groupKeyMap[] = 0;
+  attribute GroupKey groupKeyMap[] = 0;
   readonly attribute GroupInfo groupTable[] = 1;
   readonly global attribute int16u clusterRevision = 65533;
 }

examples/tv-casting-app/tv-casting-common/tv-casting-app.matter

@@ -1373,7 +1373,7 @@ server cluster GroupKeyManagement = 63 {
     CHAR_STRING<16> groupName = 3;
   }
 
-  readonly attribute GroupKey groupKeyMap[] = 0;
+  attribute GroupKey groupKeyMap[] = 0;
   readonly attribute GroupInfo groupTable[] = 1;
   readonly global attribute int16u clusterRevision = 65533;
 }

src/app/clusters/group-key-mgmt-server/group-key-mgmt-server.cpp

@@ -186,8 +186,8 @@ class GroupKeyManagementAttributeAccess : public AttributeAccessInterface
         ReturnErrorOnFailure(aDecoder.Decode(list));
         ReturnErrorOnFailure(list.ComputeSize(&new_count));
 
-        // Remove existing keys
-        ReturnErrorOnFailure(provider->RemoveGroupKeys(fabric_index));
+        // Remove existing keys, ignore errors
+        provider->RemoveGroupKeys(fabric_index);
 
         // Add the new keys
         auto iter = list.begin();
@@ -267,7 +267,7 @@ bool emberAfGroupKeyManagementClusterKeySetWriteCallback(
         return true;
     }
 
-    if (commandData.groupKeySet.epochKey0.empty() || (0 == commandData.groupKeySet.epochStartTime0))
+    if (commandData.groupKeySet.epochKey0.empty() || 0 == commandData.groupKeySet.epochStartTime0)
     {
         // If the EpochKey0 field is null or its associated EpochStartTime0 field is null,
         // then this command SHALL fail with an INVALID_COMMAND
@@ -285,7 +285,8 @@ bool emberAfGroupKeyManagementClusterKeySetWriteCallback(
     // Epoch Key 1
     if (!commandData.groupKeySet.epochKey1.empty())
     {
-        if (commandData.groupKeySet.epochStartTime1 <= commandData.groupKeySet.epochStartTime0)
+        if (0 == commandData.groupKeySet.epochStartTime1 ||
+            commandData.groupKeySet.epochStartTime1 <= commandData.groupKeySet.epochStartTime0)
         {
             // If the EpochKey1 field is not null, its associated EpochStartTime1 field SHALL contain
             // a later epoch start time than the epoch start time found in the EpochStartTime0 field.
@@ -300,11 +301,13 @@ bool emberAfGroupKeyManagementClusterKeySetWriteCallback(
     // Epoch Key 2
     if (!commandData.groupKeySet.epochKey2.empty())
     {
-        keyset.num_keys_used++;
-        if (commandData.groupKeySet.epochStartTime2 <= commandData.groupKeySet.epochStartTime1)
+        if (commandData.groupKeySet.epochKey1.empty() || 0 == commandData.groupKeySet.epochStartTime2 ||
+            commandData.groupKeySet.epochStartTime2 <= commandData.groupKeySet.epochStartTime1)
         {
-            // If the EpochKey1 field is not null, its associated EpochStartTime1 field SHALL contain
-            // a later epoch start time than the epoch start time found in the EpochStartTime0 field.
+            // If the EpochKey2 field is not null then:
+            // * The EpochKey1 field SHALL NOT be null
+            // * Its associated EpochStartTime1 field SHALL contain a later epoch start time
+            //   than the epoch start time found in the EpochStartTime0 field.
             emberAfSendImmediateDefaultResponse(EMBER_ZCL_STATUS_INVALID_COMMAND);
             return true;
         }
@@ -364,35 +367,34 @@ bool emberAfGroupKeyManagementClusterKeySetReadCallback(
     if (keyset.num_keys_used > 0)
     {
         response.groupKeySet.epochStartTime0 = keyset.epoch_keys[0].start_time;
-        response.groupKeySet.epochKey0       = chip::ByteSpan(nullptr, 0);
     }
     else
     {
         response.groupKeySet.epochStartTime0 = 0;
-        response.groupKeySet.epochKey0       = chip::ByteSpan(nullptr, 0);
     }
+    response.groupKeySet.epochKey0 = ByteSpan();
+
     // Keyset 1
     if (keyset.num_keys_used > 1)
     {
         response.groupKeySet.epochStartTime1 = keyset.epoch_keys[1].start_time;
-        response.groupKeySet.epochKey1       = chip::ByteSpan(nullptr, 0);
     }
     else
     {
         response.groupKeySet.epochStartTime1 = 0;
-        response.groupKeySet.epochKey1       = chip::ByteSpan(nullptr, 0);
     }
+    response.groupKeySet.epochKey1 = ByteSpan();
+
     // Keyset 2
     if (keyset.num_keys_used > 2)
     {
         response.groupKeySet.epochStartTime2 = keyset.epoch_keys[2].start_time;
-        response.groupKeySet.epochKey2       = chip::ByteSpan(nullptr, 0);
     }
     else
     {
         response.groupKeySet.epochStartTime2 = 0;
-        response.groupKeySet.epochKey2       = chip::ByteSpan(nullptr, 0);
     }
+    response.groupKeySet.epochKey2 = ByteSpan();
 
     CHIP_ERROR err = commandObj->AddResponseData(commandPath, response);
     if (CHIP_NO_ERROR != err)

src/app/clusters/groups-server/groups-server.cpp

@@ -83,8 +83,11 @@ static EmberAfStatus GroupAdd(FabricIndex fabricIndex, EndpointId endpointId, Gr
     GroupDataProvider * provider = GetGroupDataProvider();
     VerifyOrReturnError(nullptr != provider, EMBER_ZCL_STATUS_NOT_FOUND);
 
-    provider->SetGroupInfo(fabricIndex, GroupDataProvider::GroupInfo(groupId, groupName));
-    CHIP_ERROR err = provider->AddEndpoint(fabricIndex, groupId, endpointId);
+    CHIP_ERROR err = provider->SetGroupInfo(fabricIndex, GroupDataProvider::GroupInfo(groupId, groupName));
+    if (CHIP_NO_ERROR == err)
+    {
+        err = provider->AddEndpoint(fabricIndex, groupId, endpointId);
+    }
     if (CHIP_NO_ERROR == err)
     {
         return EMBER_ZCL_STATUS_SUCCESS;

src/app/tests/TestWriteInteraction.cpp

@@ -25,6 +25,7 @@
 #include <lib/core/CHIPTLVDebug.hpp>
 #include <lib/core/CHIPTLVUtilities.hpp>
 #include <lib/support/ErrorStr.h>
+#include <lib/support/TestGroupData.h>
 #include <lib/support/TestPersistentStorageDelegate.h>
 #include <lib/support/UnitTestRegistration.h>
 #include <messaging/ExchangeContext.h>
@@ -417,12 +418,6 @@ void TestWriteInteraction::TestWriteRoundtrip(nlTestSuite * apSuite, void * apCo
 
 namespace {
 
-constexpr uint16_t kMaxGroupsPerFabric    = 5;
-constexpr uint16_t kMaxGroupKeysPerFabric = 8;
-
-static chip::TestPersistentStorageDelegate sDelegate;
-static chip::Credentials::GroupDataProviderImpl sProvider(sDelegate, kMaxGroupsPerFabric, kMaxGroupKeysPerFabric);
-
 /**
  *   Test Suite. It lists all the test functions.
  */
@@ -446,13 +441,12 @@ const nlTest sTests[] =
  */
 int Test_Setup(void * inContext)
 {
-    SetGroupDataProvider(&sProvider);
     VerifyOrReturnError(CHIP_NO_ERROR == chip::Platform::MemoryInit(), FAILURE);
-    VerifyOrReturnError(CHIP_NO_ERROR == sProvider.Init(), FAILURE);
-
 
     VerifyOrReturnError(TestContext::Initialize(inContext) == SUCCESS, FAILURE);
 
+    VerifyOrReturnError(CHIP_NO_ERROR == chip::GroupTesting::InitGroupData(), FAILURE);
+
     return SUCCESS;
 }
 

src/app/tests/suites/TestGroupKeyManagementCluster.yaml

@@ -23,6 +23,19 @@ tests:
       cluster: "DelayCommands"
       command: "WaitForCommissionee"
 
+    - label: "Read maxGroupsPerFabric"
+      command: "readAttribute"
+      attribute: "maxGroupsPerFabric"
+      response:
+          constraints:
+              minValue: 2
+
+    - label: "Read maxGroupKeysPerFabric"
+      command: "readAttribute"
+      attribute: "maxGroupKeysPerFabric"
+      response:
+          value: 2
+
     - label: "Add Group 1"
       disabled: true
       cluster: "Groups"
@@ -167,15 +180,3 @@ tests:
                       groupName: "Group #1",
                   },
               ]
-
-    - label: "Read maxGroupsPerFabric"
-      command: "readAttribute"
-      attribute: "maxGroupsPerFabric"
-      response:
-          value: 1
-
-    - label: "Read maxGroupKeysPerFabric"
-      command: "readAttribute"
-      attribute: "maxGroupKeysPerFabric"
-      response:
-          value: 1

src/app/tests/suites/TestGroupMessaging.yaml

@@ -63,6 +63,53 @@ tests:
               - name: "groupId"
                 value: 0x0001
 
+    - label: "KeySet Write 1"
+      cluster: "Group Key Management"
+      command: "KeySetWrite"
+      arguments:
+          values:
+              - name: "GroupKeySet"
+                value:
+                    {
+                        groupKeySetID: 0x0101,
+                        securityPolicy: 0,
+                        epochKey0: "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf",
+                        epochStartTime0: 1110000,
+                        epochKey1: "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf",
+                        epochStartTime1: 1110001,
+                        epochKey2: "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
+                        epochStartTime2: 1110002,
+                    }
+
+    - label: "KeySet Write 2"
+      cluster: "Group Key Management"
+      command: "KeySetWrite"
+      arguments:
+          values:
+              - name: "GroupKeySet"
+                value:
+                    {
+                        groupKeySetID: 0x0102,
+                        securityPolicy: 0,
+                        epochKey0: "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
+                        epochStartTime0: 2220000,
+                        epochKey1: "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef",
+                        epochStartTime1: 2220001,
+                        epochKey2: "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
+                        epochStartTime2: 2220002,
+                    }
+
+    - label: "Write Group Keys"
+      cluster: "Group Key Management"
+      command: "writeAttribute"
+      attribute: "groupKeyMap"
+      arguments:
+          value:
+              [
+                  { fabricIndex: 1, groupId: 0x1234, groupKeySetID: 0x0101 },
+                  { fabricIndex: 1, groupId: 0x0001, groupKeySetID: 0x0102 },
+              ]
+
     # Test Pair 1 : Sends a Group Write Attribute
     - label: "Group Write Attribute"
       command: "writeAttribute"

src/app/zap-templates/zcl/data-model/chip/group-key-mgmt-cluster.xml

@@ -56,7 +56,7 @@ limitations under the License.
     <code>0x003F</code>
     <define>GROUP_KEY_MANAGEMENT_CLUSTER</define>
     <description>The Group Key Management Cluster is the mechanism by which group keys are managed.</description>
-    <attribute side="server" code="0x0000" define="GROUP_KEY_MAP" type="ARRAY" length="254" entryType="GroupKey" writable="false" optional="false">groupKeyMap</attribute>
+    <attribute side="server" code="0x0000" define="GROUP_KEY_MAP" type="ARRAY" length="254" entryType="GroupKey" writable="true" optional="false">groupKeyMap</attribute>
     <attribute side="server" code="0x0001" define="GROUP_TABLE" type="ARRAY" length="254" entryType="GroupInfo" writable="false" optional="false">groupTable</attribute>
     <attribute side="server" code="0x0002" define="MAX_GROUPS_PER_FABRIC" type="INT16U" writable="false" optional="false">maxGroupsPerFabric</attribute>
     <attribute side="server" code="0x0003" define="MAX_GROUP_KEYS_PER_FABRIC" type="INT16U" writable="false" optional="false">maxGroupKeysPerFabric</attribute>

src/controller/data_model/controller-clusters.matter

@@ -1838,7 +1838,7 @@ client cluster GroupKeyManagement = 63 {
     INT64U epochStartTime2 = 7;
   }
 
-  readonly attribute GroupKey groupKeyMap[] = 0;
+  attribute GroupKey groupKeyMap[] = 0;
   readonly attribute GroupInfo groupTable[] = 1;
   readonly attribute int16u maxGroupsPerFabric = 2;
   readonly attribute int16u maxGroupKeysPerFabric = 3;